def get_credentials(self, section=None):
"""
Return a Credentials object containing the configured credentials.
Args:
section (str): The credential section to retrieve.
Returns:
Credentials: The credentials retrieved from that source.
Raises:
CredentialError: If there is any error retrieving the credentials.
"""
if section is None:
section = 'default'
if self._cached_credentials is None:
new_creds = {}
cred_files = [
p for p in self._search_path if self._security_check(p)
]
if not cred_files:
raise CredentialError(
f"Unable to locate credential file(s) from {self._search_path}"
)
raw_cred_files = [
str(p) for p in cred_files
] # needed to support 3.6.0 correctly & for error message
try:
parser = configparser.ConfigParser()
parser.read(raw_cred_files)
for sect in parser.sections():
new_creds[sect] = Credentials(
{name: value
for (name, value) in parser.items(sect)})
except configparser.Error as e:
raise CredentialError(
f"Unable to read credential file(s) {raw_cred_files}"
) from e
self._cached_credentials = new_creds
if section in self._cached_credentials:
return self._cached_credentials[section]
raise CredentialError(
f"Section {section} not found in credential file(s)")
def test_get_credentials_fail_open_base_key(monkeypatch, mox):
"""Test getting the credentials from the credential provider, but the base key won't open."""
monkeypatch.setattr(sys, "platform", "win32")
sut = RegistryCredentialProvider('Software\\Test')
mox.StubOutWithMock(sut, '_open_key')
mox.StubOutWithMock(sut, '_read_value')
sut._open_key(HKEY_CURRENT_USER, 'Software\\Test').AndRaise(
CredentialError("Unable to open registry subkey"))
mox.ReplayAll()
with pytest.raises(CredentialError) as e:
sut.get_credentials('default')
assert "Unable to open registry subkey" in str(e.value)
mox.VerifyAll()
def test_read_str_exceptions(monkeypatch, mox):
"""Test reading strings from the registry in ways that throw exceptions."""
monkeypatch.setattr(sys, "platform", "win32")
sut = RegistryCredentialProvider()
mox.StubOutWithMock(sut, '_read_value')
stub_key = StubKeyObject()
sut._read_value(stub_key, "Alpha").AndReturn((42, REG_DWORD))
sut._read_value(stub_key,
"Bravo").AndRaise(CredentialError("Unable to read"))
mox.ReplayAll()
with pytest.raises(CredentialError) as e1:
sut._read_str(stub_key, "Alpha")
assert "not of string type" in str(e1.value)
with pytest.raises(CredentialError) as e2:
sut._read_str(stub_key, "Bravo")
assert "Unable to read" in str(e2.value)
mox.VerifyAll()
def test_read_bool_exceptions(monkeypatch, mox):
"""Test reading boolean values from the registry, in ways that generate exceptions."""
monkeypatch.setattr(sys, "platform", "win32")
sut = RegistryCredentialProvider()
mox.StubOutWithMock(sut, '_read_value')
stub_key = StubKeyObject()
sut._read_value(stub_key, "Alpha").AndReturn(("!Funky!Stuff!", REG_SZ))
sut._read_value(stub_key,
"Bravo").AndRaise(CredentialError("Unable to read"))
mox.ReplayAll()
with pytest.raises(CredentialError) as e1:
sut._read_bool(stub_key, "Alpha")
assert "not of integer type" in str(e1.value)
with pytest.raises(CredentialError) as e2:
sut._read_bool(stub_key, "Bravo")
assert "Unable to read" in str(e2.value)
mox.VerifyAll()
def get_credentials(self, section=None):
"""
Return a Credentials object containing the configured credentials.
Args:
section (str): The credential section to retrieve.
Returns:
Credentials: The credentials retrieved from that source.
Raises:
CredentialError: If there is any error retrieving the credentials.
"""
if section in self._creds:
return self._creds[section]
else:
raise CredentialError(
f"section {section} not found in credentials")
def __init__(self, *args, **kwargs):
"""
Initialize the CBCloudAPI object.
Args:
*args (list): List of arguments to pass to the API object.
**kwargs (dict): Keyword arguments to pass to the API object.
Keyword Args:
profile (str): Use the credentials in the named profile when connecting to the Carbon Black server.
Uses the profile named 'default' when not specified.
"""
super(CBCloudAPI, self).__init__(*args, **kwargs)
self._thread_pool_count = kwargs.pop('thread_pool_count', 1)
self._lr_scheduler = None
self._async_executor = None
if not self.credentials.org_key:
raise CredentialError("No organization key specified")
def _open_key(self, basekey, path):
"""
Open a key for use. This is a "test point" intended to be monkeypatched.
Args:
basekey (PyHKEY): The base key that the path supplied extends from.
path (str): The path of the subkey to open from that base key.
Returns:
PyHKEY: The new subkey for use.
Raises:
CredentialError: If the subkey could not be opened for any reason.
"""
try:
return OpenKey(basekey, path)
except OSError as e:
raise CredentialError(
f"Unable to open registry subkey: {path}") from e
def __init__(self, keypath=None, userkey=True):
"""
Initialize the RegistryCredentialProvider.
Args:
keypath (str): Path from the selected base key to the key that will contain individual sections.
userkey (bool): True if the keypath starts at HKEY_CURRENT_USER, False if at HKEY_LOCAL_MACHINE.
Raises:
CredentialError: If we attempt to instantiate this provider on a non-Windows system.
"""
self._cached_credentials = {}
self._usable = sys.platform.startswith("win32")
if not self._usable:
raise CredentialError(
"Registry credential provider is only usable on Windows systems"
)
self._userkey = userkey
self._keypath = keypath or DEFAULT_KEYPATH
def get_credentials(self, section=None):
"""
Return a Credentials object containing the configured credentials.
Args:
section (str): The credential section to retrieve.
Returns:
Credentials: The credentials retrieved from that source.
Raises:
CredentialError: If there is any error retrieving the credentials.
"""
if not section:
raise CredentialError("Section must be specified")
if section not in self._cached_credentials:
with self._open_key(self._base_key(), self._keypath) as base_key:
with self._open_key(base_key, section) as section_key:
self._cached_credentials[section] = self._read_credentials(
section_key)
return self._cached_credentials[section]
def _read_bool(self, key, value_name):
"""
Read a boolean value from the registry key specified.
Args:
key (PyHKEY): The key to read a value from.
value_name (str): The name of the value to be returned.
Returns:
bool: The value read in. May return None if the value was not found.
Raises:
CredentialError: If there was an error reading the value, or if the value was of the wrong type.
"""
val = self._read_value(key, value_name)
if val:
if val[1] != REG_DWORD:
raise CredentialError(
f"value '{value_name}` is not of integer type")
return val[0] != 0
return None
def _read_value(self, key, value_name):
"""
Read a value from the registry key specified. This is a "test point" intended to be monkeypatched.
Args:
key (PyHKEY): The key to read a value from.
value_name (str): The name of the value to be returned.
Returns:
tuple: First element of the tuple is the actual value. Second element is the data type as an index.
May return None if the value was not found.
Raises:
CredentialError: If there was an unanticipated error reading the value.
"""
try:
return QueryValueEx(key, value_name)
except FileNotFoundError:
return None
except OSError as e:
raise CredentialError(
f"Unable to read registry value: {value_name}") from e
def __init__(self, *args, **kwargs):
super(CBCloudAPI, self).__init__(*args, **kwargs)
self._lr_scheduler = None
if not self.credentials.org_key:
raise CredentialError("No organization key specified")